TL;DR: AI agents are creating a governance gap because most identity and security tools were built for people, not digital actors that access data, execute tasks, and make decisions autonomously, according to Omada Identity. The practical issue is not visibility alone, but accountability, privilege scope, and audit evidence across AI agents and other non-human identities.
NHIMG editorial — what this means for AI and NHI governance
By the numbers:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, 46% confirmed and 26% suspected.
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job.
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
Questions worth separating out
Q: How should security teams govern AI agents as identities?
A: Security teams should govern AI agents as identities by assigning ownership, defining purpose, scoping access, and placing them into lifecycle review.
Q: Why do AI agents complicate identity governance?
A: AI agents complicate identity governance because they can change activity patterns faster than traditional review cycles can observe.
Q: What breaks when AI agents are managed like ordinary service accounts?
A: What breaks is accountability.
Practitioner guidance
- Inventory AI agents as governed identities: Create a register that records owner, business purpose, system reach, and retirement condition for every AI agent.
- Compare granted access with actual agent usage: Review permissions against telemetry from data platforms, cloud services, and execution logs to identify excess reach.
- Extend access review and recertification to AI agents: Fold AI agents into recurring governance reviews with the same expectation of evidence, attestation, and removal decisions that apply to other non-human identities.
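The first two guidance items can be combined into one recurring check. The sketch below is an added example, not code from Omada or NHIMG. The register layout, permission strings, log format, agent names and the 90-day window are all assumptions made for illustration.

```python
from datetime import date, timedelta
# Constructed register: owner, purpose, reach (granted permissions), retirement date.
REGISTER = {
    "agent-invoice-triage": {
        "owner": "finance-ops", "purpose": "classify inbound invoices",
        "reach": {"erp:invoice:read", "erp:invoice:write", "crm:contact:read"},
        "retire_on": date(2026, 12, 31)},
    "agent-report-builder": {
        "owner": None, "purpose": "", "retire_on": None,
        "reach": {"dwh:sales:read", "dwh:hr:read"}},
}

# Constructed execution log: "<ISO date> <agent> <permission exercised>"
USAGE_LOG = """\
2026-05-02 agent-invoice-triage erp:invoice:read
2026-05-02 agent-invoice-triage erp:invoice:write
2025-09-14 agent-invoice-triage crm:contact:read
2026-05-03 agent-report-builder dwh:sales:read
2026-05-03 agent-report-builder dwh:finance:read
2026-05-04 agent-shadow-sync s3:finance-archive:read
"""

def recent_usage(log, today, window_days):
    """Map agent -> permissions exercised inside the review window."""
    cutoff, used = today - timedelta(days=window_days), {}
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3 and date.fromisoformat(parts[0]) >= cutoff:
            used.setdefault(parts[1], set()).add(parts[2])
    return used

def review(register, log, today, window_days=90):
    """Per-agent findings: register gaps, unused grants, use beyond the register."""
    used, findings = recent_usage(log, today, window_days), {}
    for agent, rec in register.items():
        gaps = [f"missing {f}" for f in ("owner", "purpose", "retire_on") if not rec.get(f)]
        if rec.get("retire_on") and rec["retire_on"] < today:
            gaps.append("past retirement date")
        seen = used.get(agent, set())
        findings[agent] = {"register_gaps": gaps,
                           "unused_grants": sorted(rec["reach"] - seen),
                           "ungranted_use": sorted(seen - rec["reach"])}
    for agent in sorted(used.keys() - register.keys()):  # active but never registered
        findings[agent] = {"register_gaps": ["not in register"], "unused_grants": [],
                           "ungranted_use": sorted(used[agent])}
    return findings

if __name__ == "__main__":
    for agent, finding in review(REGISTER, USAGE_LOG, date(2026, 5, 10)).items():
        print(agent, finding)
```

Unused grants are candidates for removal at recertification. Activity outside the registered reach, or from an agent missing from the register, means the register no longer matches what was actually provisioned.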
What's in the full announcement
Omada Identity's full announcement covers the operational detail this post intentionally leaves for the source:
- How Omada describes the governance workflow for AI agents across identity, access, and ownership records.
- Which framework mappings and compliance evidence the vendor says the solution is designed to support.
- How the announcement positions visibility, accountability, and risk comparison across AI agents and other non-human identities.
- What attendees can see at Identiverse 2026 if they want the vendor's own walkthrough of the capability.
AI agent governance: what changes for IAM and IGA teams?
Explore further
AI agent governance is now an identity problem, not only an AI problem. Once an agent can access systems, move data, and execute tasks, it becomes a governed identity subject rather than a simple automation asset. That shifts the control question from model quality to ownership, entitlements, and evidence. Practitioners should treat AI agent sprawl as part of the broader non-human identity population.
A few things that frame the scale:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to the 2026 Infrastructure Identity Survey.
- Only 13% of organisations feel extremely prepared for the reality of agentic AI, which helps explain why governance is lagging adoption.
A question worth separating out:
Q: Who should own AI agent access decisions?
A: AI agent access decisions should sit with the business and identity owners who can explain why the agent exists and what work it performs. Platform teams can operate the controls, but they should not be the only group deciding access. Clear ownership is what turns access management into governance rather than simple administration.